Embodiments of the present invention provide a system for network device owner identification and communication triggering. In particular, the system may monitor a plurality of systems of record associated with a network of devices and/or individual network components. A primary user for each of these network components is identified, either through a known association in the systems of record or from analysis of records of network traffic associated with each network component. The primary user is recorded for each network component. In the event a vulnerability of a network component is identified, information about the network vulnerability is identified, aggregated with other information about the network component and potential remediation procedures, and compiled as a vulnerability notification. In response to the vulnerability, the system is automatically triggered to transmit the vulnerability notification to the primary user.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for network component owner identification and communication triggering, the system comprising: a memory device; and one or more processing devices operatively coupled to the memory device, wherein the one or more processing devices are configured to execute computer-readable program code to: monitor a plurality of systems of record associated with a network of devices; identify, from the monitored plurality of systems of record, a primary user of a network component, wherein identifying the primary user of the network component comprises determining a correlation value between the network component and a user associated with the network component, wherein the correlation value is based on ownership correlation criteria of (i) administrator-type actions taken on the network component, (ii) high frequency of accessing the network component, (iii) high duration of accessing the network component, and (iv) a lack of other users that are associated with the network component; record a linkage between the primary user, communication information for the primary user, and the network component in an ownership database; determine that a vulnerability of the network component is occurring; and in response to determining that the vulnerability of the network component is occurring, automatically transmit a notification of the vulnerability to a computing device of the primary user.
2. The system of claim 1, wherein identifying the primary user of the network component comprises: determining that the primary user cannot be identified in a primary system of record; determining that the primary user cannot be identified in secondary systems of record; analyzing network traffic to the network component to identify a plurality of users that have accessed the network component during a predetermined period of time; identifying, from the plurality of users, a first user that either (i) most recently accessed the network component or (ii) accessed the network component a greater number of times than any others of the plurality of users; and assigning the first user as the primary user of the network component.
3. The system of claim 2, wherein identifying the plurality of users comprises identifying a set of users associated with login credentials that were entered during the predetermined period of time.
4. The system of claim 2, wherein identifying the plurality of users comprises identifying a set of users that own a plurality of separate devices that communicated with the network component during the predetermined period of time.
5. The system of claim 1, wherein the one or more processing devices are further configured to execute computer-readable program code to: identify vulnerability information for the vulnerability of the network component comprising at least a vulnerability classification, a remediation deadline, and a lifecycle of the vulnerability, wherein the notification of the vulnerability includes the vulnerability information.
6. The system of claim 5, wherein identifying the vulnerability information for the vulnerability of the network component comprises comparing the vulnerability to a vulnerability database to identify the vulnerability classification, the remediation deadline, and the lifecycle of the vulnerability.
7. The system of claim 1, wherein the one or more processing devices are further configured to execute computer-readable program code to: determine whether a remediation procedure has been initiated; and when the remediation procedure has not been initiated, transmit a second notification to the computing device of the primary user; or when the remediation procedure has not been initiated, transmit a request to the computing device of the primary user for confirmation that the remediation procedure will be completed by a remediation deadline.
8. The system of claim 1, wherein the computing device of the primary user is not the network component.
9. A computer program product for network component owner identification and communication triggering, the computer program product comprising at least one non-transitory computer readable medium comprising computer readable instructions, the instructions comprising instructions for: monitoring a plurality of systems of record associated with a network of devices; identifying, from the monitored plurality of systems of record, a primary user of a network component, wherein identifying the primary user of the network component comprises determining a correlation value between the network component and a user associated with the network component, wherein the correlation value is based on ownership correlation criteria of (i) administrator-type actions taken on the network component, (ii) high frequency of accessing the network component, (iii) high duration of accessing the network component, and (iv) a lack of other users that are associated with the network component; recording a linkage between the primary user, communication information for the primary user, and the network component in an ownership database; determining that a vulnerability of the network component is occurring; and in response to determining that the vulnerability of the network component is occurring, automatically transmitting a notification of the vulnerability to a computing device of the primary user.
10. The computer program product of claim 9, wherein identifying the primary user of the network component comprises: determining that the primary user cannot be identified in a primary system of record; determining that the primary user cannot be identified in secondary systems of record; analyzing network traffic to the network component to identify a plurality of users that have accessed the network component during a predetermined period of time; identifying, from the plurality of users, a first user that either (i) most recently accessed the network component or (ii) accessed the network component a greater number of times than any others of the plurality of users; and assigning the first user as the primary user of the network component.
11. The computer program product of claim 10, wherein identifying the plurality of users comprises identifying a set of users associated with login credentials that were entered during the predetermined period of time.
12. The computer program product of claim 10, wherein identifying the plurality of users comprises identifying a set of users that own a plurality of separate devices that communicated with the network component during the predetermined period of time.
13. The computer program product of claim 9, wherein the computer readable instructions further comprise instructions for: identifying vulnerability information for the vulnerability of the network component comprising at least a vulnerability classification, a remediation deadline, and a lifecycle of the vulnerability, wherein the notification of the vulnerability includes the vulnerability information.
14. The computer program product of claim 13, wherein identifying the vulnerability information for the vulnerability of the network component comprises comparing the vulnerability to a vulnerability database to identify the vulnerability classification, the remediation deadline, and the lifecycle of the vulnerability.
15. The computer program product of claim 9, wherein the computer readable instructions further comprise instructions for: determining whether a remediation procedure has been initiated; and when the remediation procedure has not been initiated, transmitting a second notification to the computing device of the primary user; or when the remediation procedure has not been initiated, transmitting a request to the computing device of the primary for confirmation that the remediation procedure will be completed by a remediation deadline.
16. The computer program product of claim 9, wherein the computing device of the primary user is not the network component.
17. A computer implemented method for network component owner identification and communication triggering, said computer implemented method comprising: providing a computing system comprising a computer processing device and a non-transitory computer readable medium, where the computer readable medium comprises configured computer program instruction code, such that when said instruction code is operated by said computer processing device, said computer processing device performs the following operations: monitoring a plurality of systems of record associated with a network of devices; identifying, from the monitored plurality of systems of record, a primary user of a network component, wherein identifying the primary user of the network component comprises determining a correlation value between the network component and a user associated with the network component, wherein the correlation value is based on ownership correlation criteria of (i) administrator-type actions taken on the network component, (ii) high frequency of accessing the network component, (iii) high duration of accessing the network component, and (iv) a lack of other users that are associated with the network component; recording a linkage between the primary user, communication information for the primary user, and the network component in an ownership database; determining that a vulnerability of the network component is occurring; and in response to determining that the vulnerability of the network component is occurring, automatically transmitting a notification of the vulnerability to a computing device of the primary user.
18. The computer implemented method of claim 17, wherein identifying the primary user of the network component comprises: determining that the primary user cannot be identified in a primary system of record; determining that the primary user cannot be identified in secondary systems of record; analyzing network traffic to the network component to identify a plurality of users that have accessed the network component during a predetermined period of time; identifying, from the plurality of users, a first user that either (i) most recently accessed the network component or (ii) accessed the network component a greater number of times than any others of the plurality of users; and assigning the first user as the primary user of the network component.
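The owner-resolution fallback recited in claims 2, 10 and 18, as an added sketch that is not code from the patent: look in the primary system of record, then the secondary ones, then infer the owner from logins inside a time window. The host and user names, the 30-day window, the data layout and the choice to prefer "most frequent" and break ties with "most recent" are all assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data; every host and user name is hypothetical.
PRIMARY_SOR = {"web-01": "alice"}            # e.g. an asset inventory export
SECONDARY_SORS = [{"db-02": "bob"}, {}]      # e.g. ticketing or procurement lists
ACCESS_LOG = [                               # (component, user, login time)
    ("cam-07", "carol", "2018-01-10T09:00"),
    ("cam-07", "dave", "2018-01-12T14:30"),
    ("cam-07", "carol", "2018-01-20T08:15"),
    ("cam-07", "carol", "2018-01-25T17:45"),
    ("cam-07", "erin", "2017-06-01T10:00"),  # falls outside the window
    ("kiosk-3", "dave", "2018-01-05T10:00"),
    ("kiosk-3", "erin", "2018-01-30T10:00"),
]

def users_in_window(component, now, window_days):
    """Logins to `component` during the predetermined period ending at `now`."""
    cutoff = now - timedelta(days=window_days)
    hits = []
    for comp, user, ts in ACCESS_LOG:
        when = datetime.fromisoformat(ts)
        if comp == component and cutoff <= when <= now:
            hits.append((user, when))
    return hits

def resolve_primary_user(component, now, window_days=30):
    """Return (user, source); source records how trustworthy the linkage is."""
    if component in PRIMARY_SOR:
        return PRIMARY_SOR[component], "primary_sor"
    for sor in SECONDARY_SORS:
        if component in sor:
            return sor[component], "secondary_sor"
    hits = users_in_window(component, now, window_days)
    if not hits:
        return None, "unresolved"            # route to a shared triage queue
    ranked = Counter(user for user, _ in hits).most_common()
    # Criterion (ii): strictly more accesses than any other user.
    if len(ranked) == 1 or ranked[0][1] > ranked[1][1]:
        return ranked[0][0], "traffic_most_frequent"
    # Tie on count: fall back to criterion (i), the most recent access.
    return max(hits, key=lambda h: h[1])[0], "traffic_most_recent"
```

Storing the source next to the linkage lets the notification step treat an inferred owner differently from one confirmed in a system of record, for example by copying a team mailbox.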
February 6, 2018
October 20, 2020